Monthly Archives: May 2016

With the app, customers would be able to see how a piece of furniture fits in their living room

Virtual and augmented realities aren’t just for gaming.

Wayfair Inc., a Boston-based, 14-year-old e-commerce company that sells home furnishings, is working on an app based on Google’s Project Tango technology that would put augmented reality, and one day virtual reality, squarely in the enterprise.

If all goes as planned, customers using Wayfair’s app would go beyond looking at a photo of a love seat or table, reading the measurements and wondering how the piece would look in their living room.

The app would use Project Tango’s mapping, computer vision, depth-sensing, 3D-motion tracking and machine-learning technology to allow customers to see – on their Android smartphone or tablet – how a piece of furniture would look in their home.

If a customer walks around a room with the app running on a tablet, for instance, it would appear as if the object is in the room and she’s seeing it from different angles on the screen.

“This really makes sense for our business model,” said Mike Festa, director of Wayfair Next, the company’s research and development lab. “It’s an extension of our experience. … It will really help us compete with brick-and-mortar stores. It also should help with the rate of returns because it helps customers see the real one-to-one size of the product.”

With online shopping, customers get the measurements and dimensions for a product, but no sense of the space needed.

The new app, according to Festa, should help overcome what is a big problem for e-commerce companies.

“The Tango app lets you see a life-size version of the product so you can get a quick analysis of if it’s a good fit or not,” he added. “In this case, you can see what a 3-foot-wide love seat looks like in your space, and you can make a more informed decision.”

“This type of app shows the potential for augmented reality and how it can be used by enterprises to give their customers a much better feel for their products and even services,” said Dan Olds, an analyst with The Gabriel Consulting Group. “I can see a wide variety of businesses adopting this approach as the technology becomes better. Architects and contractors will be able to show homeowners exactly how a new addition will blend onto their existing home, for example. Retailers will be able to show you how a particular outfit will look on you. All of this allows consumers to make more informed decisions.”

Patrick Moorhead, an analyst with Moor Insights & Strategy, said he expects consumers will be intrigued with a Project Tango app.

“If the app does everything it says it will do, and does it quickly, accurately and looks representative of reality, then I think it will do quite well,” Moorhead said. “Accuracy is very important with this app, and if it’s off by a half inch, it could be an issue. Speed is important, too, as consumers don’t want to wait around for long… If it doesn’t deliver on those vectors, it will become a problem.”

Wayfair was one of the companies Google touted at I/O, its annual developer conference in Mountain View, Calif., last week.

The company’s sessions on Project Tango created a lot of interest with its demo of how organizations, including Wayfair and the American Museum of Natural History, are using it.

First announced in 2014, Project Tango gives devices the ability to know their position in the world, using sensors and other technologies, and processing the information quickly, without using GPS or other external signals.

Google said it has incorporated basic Tango APIs into Android N, the next version of Google’s mobile OS, which is expected to be released late this summer.

Lenovo is expected this summer to release the first of what Google says will be “many, many” Project Tango-enabled smartphones. More information on the smartphone, including a release date, is expected at Lenovo’s Tech World conference on June 9 in San Francisco.

When that first Tango-enabled device reaches the market, Wayfair wants its app to be ready to go.

Wayfair first entertained the idea of a Project Tango app last summer when Festa built a proof-of-concept app during a company hack-a-thon.

The idea caught on and the company began working on what will be the official Wayfair Tango app in January.

The company has about 3,000 of its approximately 7 million products on the app. Festa said the company can add about 10,000 products per month and hopes to have tens of thousands ready by the time the app goes live this summer.

At this point, Wayfair is focused on creating an app that will work on a two-dimensional device screen. It’s an augmented reality application, where the user sees the real world, but artificial, computer-generated content is placed in it.

One day, though, Festa said he hopes Wayfair will have a virtual reality app where customers will use headsets.

“Seeing it on a device on a two-dimensional screen is a lot more natural and a lot more now,” Festa said. “With a lot of virtual reality or augmented reality, you need the headsets. That can be really intimidating. With Tango, people can get this now and it’s an immediate adoption that I think we’ll see because it’ll be more approachable… There’s a lower barrier to entry. There’s a lot of potential for what VR could be but not for right now.”

Course Content
This course is a three-day ILT training program that is designed for system and network engineers and administrators implementing and administering FlexPod solutions. This course covers key implementation procedures, management and basic troubleshooting tasks on the Cisco Nexus 5548UP, Cisco UCS and NetApp storage. Upon completing this course, the learner will be able to meet these overall objectives:
– Identify the architecture, features and components of FlexPod
– Describe implementation parameters for components including Cisco Nexus 5500 switches, Cisco UCS and NetApp clustered Data ONTAP
– Describe FlexPod management tools

Who Should Attend
The primary audience for this course is as follows:
– Network engineers, Network administrators, Field Engineers
The secondary audience for this course is as follows:
– System Engineers, Consulting System Engineers and Server Administrators

QUESTION 3
Which policy detail should be set if you want a server to be exempt from all power capping?

A. Create a Power Control Policy and set Power Capping to No Cap
B. Create a Power Control Policy select cap and set the priority to 1
C. Create a Power Group with the appropriate chassis and set the Group Budget Power Cap (W) to 0.
D. The UCS Power Cap feature should not be utilized in a FlexPod environment.

Answer: A

QUESTION 4
Which two are correct about VSAN configuration within UCS Manager? (Choose two)

A. VSAN ID and FCoE VLAN ID have to match
B. VSAN can be configured as fabric interconnect specific
C. We can delete VSAN 1
D. VSAN IDs 3840-4079 are not available regardless of the Fabric Interconnect mode
E. VSAN can be configured as a global parameter
F. In addition to SAN tab, VSANs can be configured under UCSM Server tab as well

Answer: B,E

QUESTION 5
Which two are true about Fabric Interconnect L1 and L2 ports in cluster mode? (Choose two)

A. Fabric Interconnects connected via L1/L2 have to be the same model except during the upgrade
B. Ports are primarily used for management traffic, but can be used for data traffic as well
C. Fabric Interconnect ports L1 and L2 are 10 Gb links
D. Ports can only run as a port channel
E. Ports can only run as individual links
F. Ports can run as a port channel or as individual links

The Cisco Web Security Appliance (WSA) is a line of security devices that inspect Web traffic going in and out of an organization in order to detect malware, prevent data leaks, and enforce Internet access policies for users and applications. The devices run an operating system called Cisco AsyncOS.

One of the four DoS vulnerabilities fixed Wednesday by Cisco stems from how the OS handles a specific HTTP response code. An attacker could send a specially crafted HTTP request in order to consume the entire memory of an affected device.

If this happens, the device will no longer accept new incoming connection requests, Cisco said in an advisory.

All Cisco AsyncOS versions older than 9.0.1-162 are affected. Users are advised to upgrade to this version. Version 9.1 is also unaffected.

Another DoS vulnerability is caused by a lack of proper input validation of the packets that make up HTTP POST requests. The flaw can be exploited through specially crafted HTTP requests and can lead to the proxy process becoming unresponsive and the WSA reloading.

Only AsyncOS version 8.0 is affected by this vulnerability. Users can upgrade to 8.0.6-119 or 9.0.1-162, which contains patches for all four flaws, Cisco said in an advisory.

The third vulnerability stems from a failure to free memory when a file range for cached content is requested through the WSA. By opening multiple connections and requesting file ranges, an attacker can cause the WSA to run out of memory and stop passing traffic.

Versions 8.5 to 8.8 of AsyncOS are affected and Cisco recommends upgrading to 9.0.1-162.

The fourth vulnerability occurs because AsyncOS does not properly allocate space for the HTTP header and an expected HTTP payload. Exploiting this flaw can cause the proxy process to reload and the traffic to be stopped.

The flaw affects AsyncOS versions 8.8 and lower. Cisco has fixed the flaw in versions 8.5.3-069 for the 8.5 branch and 9.0.1-162.

In addition to the WSA flaws, Cisco also patched a moderate severity cross-site scripting vulnerability in the Web interface of the Cisco Unified Computing System (UCS) Central Software.

The 500-170 FlexPod Design exam is the exam that will test System Engineers on their knowledge of FlexPod solution. This exam tests a candidate’s knowledge of tools and standards for assessing computing solution performance characteristics and requirements. In addition this exam will test a candidate’s knowledge of hardware components associated with the FlexPod Solution and the process for selecting proper hardware for a given set of requirements.

The FlexPod Design (FPDESGN) (500-170) exam is a 60-minute, 45-55 question exam that tests system engineers on their knowledge of the FlexPod solution. This exam tests a candidate’s knowledge of the tools and standards for assessing computing solution performance characteristics and requirements. In addition, this exam will test a candidate’s knowledge of the hardware components associated with the FlexPod solution and the process for selecting proper hardware for a given set of requirements.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

QUESTION 1
What is the maximum aggregate traffic available to a half-width UCS B-Series blade in a 5108
Chassis with two 2208XP Fabric Extenders, Cisco VIC 1240 adapter, and Cisco Port Expander
Card for VIC 1240?

A. 40 Gb
B. 80 Gb
C. 120 Gb
D. 320 Gb

Answer: B

QUESTION 2
Which four are components of Cisco UCS stateless computing? (Choose four)

A. Utilization of service profiles to apply parameter settings from server hardware
B. Elements of a server’s personality, which may be included in a service profile, include firmware
versions, UUID, MAC Addresses, World Wide Names, and boot settings.
C. A one to one mapping of an application to a server
D. Boot from SAN
E. Every physical server in a Cisco UCS instance should remain anonymous until you associate a
service profile with it
F. A one to one mapping to the identity information burned into the hardware (mac addresses,
etc).

The Cisco CCIE Wireless Written Exam is a 2-hour test that will validate that a wireless engineer has the expertise to plan, design, implement, operate, and troubleshoot complex enterprise WLAN networks.

Written Exam Topics v3.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v3.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

The Cisco CCIE® Wireless Written Exam (#400-351) is a 2-hour test with 90–110 questions that will validate that a wireless engineer has the expertise to plan, design, implement, operate and troubleshoot complex enterprise WLAN networks.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

Written Exam Topics v3.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

Exam Description
The Cisco CCIE® Wireless Written Exam (400-351) version 3.1 is a 2-hour test with 90–110 questions that will validate that a wireless engineer has the expertise to plan, design, implement, operate and troubleshoot complex enterprise WLAN networks.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

Written Exam Topics v3.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

The Cisco CCIE Service Provider Written Exam (400-201) version 4.0 is a two-hour test with 90-110 questions that validate professionals who have the expertise to design, implement, diagnose, and troubleshoot complex Service Provider highly available network infrastructure and services based on dual stack solutions (IPv4 and IPv6); understand how the network and service components interoperate; and understand the functional requirements and translate into specific device configurations.

Written Exam Topics v4.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v4.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

Exam Description
The Cisco CCIE® Service Provider Written Exam (400-201) version 4.0 is a two-hour test with 90−110 questions that validate professionals who have the expertise to design, implement, diagnose, and troubleshoot complex Service Provider highly available network infrastructure and services based on dual stack solutions (IPv4 and IPv6); understand how the network and service components interoperate; and understand the functional requirements and translate into specific device configurations. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Service Provider Written Exam Topics v4.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

Exam Description
The Cisco CCIE® Service Provider Written Exam (400-201) version 4.1 is a two-hour test with 90−110 questions that validate professionals who have the expertise to design, implement, diagnose, and troubleshoot complex Service Provider highly available network infrastructure and services based on dual stack solutions (IPv4 and IPv6); understand how the network and service components interoperate; and understand the functional requirements and translate into specific device configurations. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Service Provider Written Exam Topics v4.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

QUESTION 3
Two Tier 2 Service Providers are using a Tier 1 Service Provider for transport. MPLS is required between the Tier 2 Service Providers for label switching. In this CSC solution, which label stack is correct?

QUESTION 4
Which are the two purposes of the MPLS label value 1? (Choose two.)

A. it is used for MPLS OAM packets.
B. it indicates an implicit null label.
C. it is used for VPNv6 packets.
D. it is used to carry the QoS value in the label stack.
E. it indicates an explicit null label.
F. it indicates a router alert label.

QUESTION 7
Customers connecting to a Service Provider for Internet access are intending to implement redundant peering. The design requirements call for preferring a primary link for both ingress and egress traffic. Secondary links should be used only during primary outages. What two BGP deployment options will accomplish this design goal? (Choose two.)

A. On the router handling the secondary link, advertise routes with a MED value of 0.
B. On the router handling the primary link, set the weight for all incoming routes to be a value of 0.
C. On the router handling the secondary link, advertise all routes with a longer AS-PATH value.
D. On the router handling the primary link, advertise all routes with a longer AS-PATH value.
E. On the router handling the secondary link, set the local preference for all incoming routes to be a value of 0.

Written Exam Topics v5.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v5.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)
Exam Description
The CCIE written exam is a two-hour qualification exam. The exam uses a combination of 90-110 multiple choice questions and simulations to assess skills. Exams are closed book and no reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Routing and Switching Written Exam Topics v5.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

CCIE Routing and Switching Written Exam (400-101) Version 5.1
Exam Description
The Cisco CCIE® Routing and Switching Written Exam [400-101] version 5.1 is a 2-hour test with 90−110 questions that will validate that professionals have the expertise to: configure, validate, and troubleshoot complex enterprise network infrastructure; understand how infrastructure components interoperate; and translate functional requirements into specific device configurations. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Routing and Switching Written Exam Topics v5.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

Explanation:
Embedded Packet Capture (EPC) provides an embedded systems management facility that helps in tracing and troubleshooting packets. This feature allows network administrators to capture data packets flowing through, to, and from a Cisco device. The network administrator may define the capture buffer size and type (circular, or linear) and the maximum number of bytes of each packet to capture. The packet capture rate can be throttled using further administrative controls. For example, options allow for filtering the packets to be captured using an Access Control List and, optionally, further defined by specifying a maximum packet capture rate or by specifying a sampling interval.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epc-xe-3s-asr1000-book/nm-packet-capture-xe.html

QUESTION 3
Which BGP feature enables you to install a backup path in the forwarding table?

Explanation:
To install a backup path into the forwarding table and provide prefix independent convergence (PIC) in case of a PE-CE link failure, use the additional-paths install backup command in an appropriate address family configuration mode. To prevent installing the backup path, use the no form of this command. To disable prefix independent convergence, use the disable keyword.
Reference: http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-2/routing/command/reference/b_routing_cr42crs/b_routing_cr42crs_chapter_01.html

QUESTION 4
What are the minimal configuration steps that are required to configure EIGRP HMAC-SHA2 authentication?

QUESTION 5
Which two statements about the OSPF two-way neighbor state are true? (Choose two.)

A. Each neighbor receives its own router ID in a hello packet from the other neighbor.
B. Each neighbor receives a hello message from the other neighbor.
C. It is valid only on NBMA networks.
D. It is valid only on point-to-point networks.
E. Each neighbor receives an acknowledgement of its own hello packet from the other neighbor.
F. Each neighbor receives the router ID of the other neighbor in a hello packet from the other neighbor.

This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks.

Written Exam Topics v1.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v1.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

Exam Description
The Cisco CCIE® Collaboration Written Exam (400-051) version 1.0 has 90-110 questions and is 2 hours in duration. This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks. The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Collaboration Written Exam Topics v1.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

The Cisco CCIE® Collaboration Written Exam [400-051] version 1.1 has 90-110 questions and is 2 hours in duration. This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks. The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Collaboration Written Exam Topics v1.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

QUESTION 1
A SIP carrier delivers DIDs to a Cisco Unified Border Element in the form of +155567810XX,
where the last two digits could be anything from 00 to 99. To match the internal dial plan, that
number must be changed to 6785XXX, where the last two digits should be retained. Which two
translation profiles create the required outcome? (Choose two)

QUESTION 3
Users report that they are unable to control their Cisco 6941 desk phone from their Jabber client,
but the Jabber client works as a soft phone. Which two configuration changes allow this? (Choose two)

A. Assign group “Standard CTI Allow Control of Phones supporting Connected Xfer and Conf” to the user.
B. Set the End User page to the Primary Extension on the desk phone.
C. Set the Owner User ID on the desk phone.
D. Assign group “Standard CTI Enabled User Group” to the user.
E. Assign group “Standard CTI Allow Control of Phones Supporting Rollover Mode” to the user.

Answer: A,E

QUESTION 4
Which two parameters, in the reply of an MGCP gateway to an Audit Endpoint message, indicate
to a Cisco Unified CM that it has an active call on an endpoint? (Choose two)

QUESTION 6
During a Cisco Connection extension greeting, callers can press a single key to be transferred to a
specific extension. However, callers report that the system does not process the call immediately
after pressing the key. Which action resolves this issue?

Exam Description
Cisco CCDE® Written Exam (352-001) version 2 is a 2-hour test with 90−110 questions that will validate that professionals have the expertise to gather and clarify network functional requirements, develop network designs to meet functional specifications, develop an implementation plan, convey design decisions and their rationale, and possess expert-level network infrastructure knowledge. The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCDE Written Exam Topics v2.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Layer 2 Control Plane 26%

1.1 Describe fast convergence techniques and mechanisms

1.1.a Down detection
1.1.b Interface dampening

1.2 Describe loop detection and mitigation protocols

1.2.a Spanning tree types
1.2.b Spanning tree tuning techniques

1.3 Describe mechanisms that are available for creating loop-free topologies

4.13 Describe tools and technologies for SAN fabric deployment
CCDE Written Exam (352-001) Version 2.1

Exam Description
Cisco CCDE® Written Exam [352-001] version 2.1 is a 2-hour test with 90−110 questions that test a candidate’s combined knowledge of routing protocols, internetworking theory and design principles. The exam assesses a candidate’s understanding of network design in the areas of routing, tunneling, Quality of Service, Management, Cost, Capacity, and Security. This exam combines in-depth technical concepts with Network Design principles and is intended for a Network Professional with at least 7 years of experience in Network Engineering or Advanced Network Design. Product-specific knowledge including version of code, implementation and operations specific concepts is not tested on the CCDE exam. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCDE Written Exam Topics v2.1 (Recommended for candidates who are scheduled to take the exam on July 25, 2016 and beyond)

1.0 Layer 2 Control Plane 24%

1.1 Describe fast convergence techniques and mechanisms

1.1.a Down detection
1.1.b Interface dampening

1.2 Describe loop detection and mitigation protocols

1.2.a Spanning tree types
1.2.b Spanning tree tuning techniques

1.3 Describe mechanisms that are available for creating loop-free topologies

QUESTION 1
A network designer is redesigning an enterprise campus network to ensure that Ethernet switches
proactively attempt to reconnect after a fiber cut. In the design, they will have to address areas
where fiber cuts exist on campus from past troubleshooting, where a single fiber is disconnected in
the fiber pair, leading to looping. Which feature could be implemented in the design to allow the
Spanning Tree Protocol on the switches to be protected?

QUESTION 2
A switched network is being designed to support a manufacturing factory. Due to cost constraints,
fiber-based connectivity is not an option. Which design allows for a stable network when there is a
risk of interference from the manufacturing hardware in use on the factory floor?

A. Design the network to include UDLD to detect unidirectional links and take them out of service.
B. Design the network to include EtherChannel bundles to prevent a single-link failure from taking
down a switch interconnection point.
C. Design the network to include loop guard to prevent a loop in the switched network when a link
has too much interference.
D. Design the network to include BackboneFast on all devices to accelerate failure convergence
times.

Answer: A

QUESTION 3
A service provider has a Resilient Ethernet Protocol ring running as a metro backbone between its
locations in one city. A customer wants to connect one site with one box redundant to the Resilient
Ethernet Protocol ring at two different service provider locations. How can this be done without
producing any Layer 2 loops within the network design?

A. Spanning tree at the service provider side only must be enabled.
B. Spanning tree at the customer side only must be enabled.
C. Flex Links at the service provider side only must be enabled.
D. Flex Links at the customer side only must be enabled.
E. EtherChannel at the service provider side and the customer side must be enabled.
F. Spanning tree at the service provider side and the customer side must be enabled.
G. Flex Links at the service provider side and the customer side must be enabled.

Answer: D

QUESTION 4
You have created a network design that has two point-to-point Metro Ethernet circuits extending a
single production VLAN between two data centers. Under normal circumstances, one circuit will
carry traffic and spanning tree will block the other. If the company wants you to make use of both
circuits to carry production traffic, which two technologies and features will you investigate to
integrate into your network design? (Choose two.)

A. EtherChannel
B. MST
C. Multichassis EtherChannel
D. PVST+

Answer: A,C

QUESTION 5
Voice traffic between two campus enterprise networks is growing. The network designers decide
to add a second 10-Mb Metro Ethernet service parallel to their original 10-Mb service in order to
provide more bandwidth and diversity. The QoS profile will be the same on the new 10-Mb service
due to the voice stability on the first Metro Ethernet link. When the second link is added to the
OSPF domain, which traffic design consideration would have the most impact on the voice traffic
when both links are active?

CCIE Security Written Exam (350-018) version 4.0

Exam Description

The Cisco CCIE® Security Written Exam (350-018) version 4.0 is a 2-hour test with 90–110 questions. This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

Topics include networking fundamentals and security-related concepts and best practices, as well as Cisco network security products and solutions in areas such as VPNs, intrusion prevention, firewalls, identity services, policy management, and device hardening. Content includes both IPv4 and IPv6 concepts and solutions.

The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Security Written Exam Topics v4.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

Exam Description

The Cisco CCIE® Security Written Exam [350-018] version 4.1 is a 2-hour test with 90–110 questions. This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

CCIE Security Written Exam Topics v4.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

QUESTION 1
An RSA key pair consists of a public key and a private key and is used to set up PKI. Which statement applies to RSA and PKI?

A. The public key must be included in the certificate enrollment request.
B. The RSA key-pair is a symmetric cryptography.
C. It is possible to determine the RSA key-pair private key from its corresponding public key.
D. When a router that does not have an RSA key pair requests a certificate, the certificate request is sent, but a warning is shown to generate the RSA key pair before a CA signed certificate is received.

Answer: A

Explanation:
An RSA key pair consists of a public key and a private key. When setting up your PKI, you must include the public key in the certificate enrollment request. After the certificate has been granted, the public key will be included in the certificate so that peers can use it to encrypt data that is sent to the router. The private key is kept on the router and used both to decrypt the data sent by peers and to digitally sign transactions when negotiating with peers.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-3s/sec-pki-xe-3s-book/sec-pki-overview.html

QUESTION 2
Refer to the exhibit.

Which three descriptions of the configuration are true? (Choose three.)

A. The configuration is on the NHS.
B. The tunnel IP address represents the NBMA address.
C. This tunnel is a point-to-point GRE tunnel.
D. The tunnel is not providing peer authentication.
E. The configuration is on the NHC.
F. The tunnel encapsulates multicast traffic.
G. The tunnel provides data confidentiality.

Answer: A,F,G

QUESTION 3
Which two values must you configure on the Cisco ASA firewall to support FQDN ACLs? (Choose two.)

A. a DNS server
B. an FQDN object
C. a policy map
D. a class map
E. a service object
F. a service policy

QUESTION 4
Which set of encryption algorithms is used by WPA and WPA2?

A. Blowfish and AES
B. CAST and RC6
C. TKIP and RC6
D. TKIP and AES

Answer: D

QUESTION 5
What are two enhancements in WCCP V2.0 over WCCP V1.0? (Choose two.)

A. support for HTTP redirection
B. multicast support
C. authentication support
D. IPv6 support
E. encryption support

Answer: B,C

Explanation: WCCP V2.0 supports the following enhancements to the WCCP V1.0 protocol:
* Multi-Router Support. WCCP V2.0 allows a farm of web-caches to be attached to more than one router.
* Multicast Support. WCCP V2.0 supports multicasting of protocol messages between web-caches and routers.
* Improved Security. WCCP V2.0 provides optional authentication of protocol packets received by web-caches and routers.
* Support for redirection of non-HTTP traffic. WCCP V2.0 supports the redirection of traffic other than HTTP traffic through the concept of Service Groups.
* Packet return. WCCP V2.0 allows a web-cache to decline to service a redirected packet and to return it to a router to be forwarded. The method by which packets are returned to a router is negotiable.
Reference: https://tools.ietf.org/id/draft-wilson-wrec-wccp-v2-01.txt